This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.

Friday, April 27, 2012

A Serious Commentator Makes Some Smart Points About Responsibility and Consultation In E-Health System Delivery.

Joseph Conn - reporter and blogger at Modern Medicine in the
US - who has been reporting on all this for decades has got a bee in his
bonnet. I think he is spot on.

The
project erroneously supposed that patient consent laws are "barriers"
to exchange. In fact, these laws are the opposite. They're vital foundations to
sharing accurate patient records.

For
its project, CORHIO rounded up the usual "stakeholders" at six focus
groups around the state. That’s how it's done—wrapping "consensus"
around a policy—in this case, to eliminate patients' rights to control their
behavioral health records.

The
feds have quietly supported multiple efforts to wipe out state consent laws,
but they want to do it without the clamor of seeking pre-emptive federal
legislation. I'll talk about that tomorrow. In the CORHIO case, it meant ending
Coloradans' control over the movement of their mental-health records.

Colorado
once had a stringent privacy law in its Mental Health Practice Act. Like
similar patient privacy laws in multiple states, it barred Colorado
mental-health professionals from disclosing "any confidential
communications made by the client, or advice given to the client" without
patient consent.

Previously,
I blogged about the Colorado Regional Health Information Organization's blueprint
on how patients' behavioral-health records might be linked to other medical
records in health information exchanges.

In
2005, HHS awarded a $17 million contract to RTI International and the National
Governors Association with the aim, in part, to provide ammunition for
then-Rep. Nancy Johnson (R-Conn.), whose health information technology bill
called for federal
pre-emption of state privacy laws in favor of one uniform federal
law.

Johnson's
bill enjoyed broad health IT industry support. I was in Washington in mid-2006
for a Healthcare Information and Management Systems Society-sponsored IT
summit that dispatched more than 400 IT users to lobby their legislators
for it. The bill included a HIPAA amendment to pre-empt state consent laws.

But
pre-emption
was stripped out by the House Energy and Commerce Committee, chaired by Rep. Joe
Barton (R-Texas). Johnson's bill, and her political career, soon died.

Undeterred,
RTI and the NGA pushed on with dozens of state committees, including one in
Colorado. Each was presented with an RTI-delivered framework that presumed
state patient consent laws were "barriers" to health information
exchange and that tilted toward removing—not accommodating—them.

To
be sure, improving health information exchange is a worthy goal, and the CORHIO
folks, citing the opinions of its focus group members, listed the many
advantages of adding behavioral health records to HIEs. The same benefits are
so often cited by proponents of records exchange that they don't need repeating
here.

First - and less important to a degree are the comments on
dodgy consultation in e-Health. Boy have we seen a lot of that here.

Second - and most important is this paragraph.

“Providing
safe, high-quality, high-value healthcare services requires patient consent.
For patients who have conditions that could stigmatize them, cost them a
relationship or a job or prevent them from obtaining affordable health
insurance if their medical records were not kept private, the right of consent
is akin to the right of social and economic survival. Without security and
control, patients will lie or withhold
information even more than they do now, which is often.”

All
I can say is never was a truer word written.I hope the proponents of the NEHRS realise this is just as true in
Australia as it is in the US.

11 comments:

Anonymous
said...

David, I think you have seen the consent model that's in the concept of operations. So I think you know that PCEHR requires:1. A patient to opt-in to the record overall2. A clinician to obtain consent to any upload of data for a patient to their record, even after the patient has consented to the overall record.

Is there a reason you paint this as "I hope the proponents of the NEHRS realise this is just as true in Australia as it is in the US." when you know that it's in the plans?

Yup, you are right. Perhaps I did not make it clear that my concern is not in the theory of how things are to work but how they will actually work in practice.

Everywhere in the world we have leaks and breaches of information and for the Government to be creating a new data base which a lot of experts suggest will be virtually impossible to secure is a worry to me.

Records held in single practices can so some harm if leaked. The NEHRS could do a lot more harm in a trice.

Besides we know the Audit Trails will be a joke etc etc.

You create a big database of sensitive information you take a big risk! - Sorry I did not make it clear that was in my mind - I don't expect people to be mind readers.

OK, but that's moving into different territory. So we're agreeing there is a consent model, your question is about security.

Yes, if a system is created that gives a patient (consumer) access to all their records in a single place, then compromise of that patient's computer will potentially compromise those records. That's something the patient has to weigh up against the convenience for them of getting access to those records.

I would note that a patient can create a record over the phone or in person with Medicare, but never actually get themselves a consumer portal logon. If they do that, then this risk would be removed, as they don't have access from their personal computer.

On audit trails, what about them do you see as being a joke? Every access to a record is audited. Every download is audited. If the provider or patient print the document, clearly we lose visibility of who they show it too. Similarly, if they download it into their hospital or practice system, we lose visibility of who views it. But we know that practice or hospital took a copy. Do you have an alternate solution that would work?

I think you need to go back through the blog. I am concerned with the whole idea of a national shared record that is a accessible from both GP Computers and all the other routes you mention.

The audit trails in GP practices will not be in the least robust for years until NASH is properly implemented - if ever.

The ID of web users is equally leaky in my view. It is not even intended to be two factor as far as I can tell.

Note: The ConOps had a consent model. But I don't agree it is correct for the plans they have - it is just too complex and ensures low levels of clinician use. I would much rather have a very limited, provider only, shared system with consumers accessing local provider records and the security, audit trails etc sorted out first - as it is not with all the mindless rush!

You comment favourably on Joseph's post, which is largely in favour of patient control and therefore presumably patient visibility of their records. At the same time you attack PCEHR for providing patient visibility of information, and assert that you think it would be much better for only clinicians to see an aggregated record, with patients being forced to go to visit each clinician to see their records. This is the antithesis of what Joseph is suggesting.

You suggest that controls in a GP practice are weak, and in the same breath suggest that consumers should rely on those controls, as they would only get access to local provider records.

You support Joseph's post on how patient control is so important, and shouldn't be swept away for mere convenience, and yet say that you think that the patient controls in PCEHR are too complex and would reduce clinician takeup - surely just another way of saying that they are inconvenient and should be swept away.

I understand that you oppose the PCEHR, but it would be at least nice to have some consistency and logic on the opposition, rather than purely saying "whatever PCEHR is doing is bad."

Sorry, you misunderstand my position. I support patient access to the same record the clinicians use to treat the patient - not access and control some secondary system as the PCEHR is. (Obviously this requires a key provider - like the main GP caring for the patient to provide electronic access.)

The model used by EMIS in the UK and Kaiser in the US are much better than the PCEHR. I am also wanting to constrain the growth of conceptually centralised data-bases rather than distributed systems.

Distributed reduces risk of major breaches and improves data quality. Of course the key provider is supported by an working HIE infrastructure - which assembles and queries 'on the fly'.

Your proposed architecture is valid, but has some quite substantial downsides. I believe the tradeoffs of a central index outweigh the impacts of that central index existing.

Firstly, you appear to be suggesting a federated model where a clinician can still get a full listing of all documents. I also note that the key security risk appears to be at the user end (whether provider or patient). If a clinician has access to the full set of records then the underlying architecture is immaterial, compromise of that clinician's credential will grant access to all those records.

That is to say, security of the end user credential is not, to my mind, a reason to prefer a federated v's a centralised architecture.

The PCEHR does not have a fully centralised architecture. It does have a centralised index, using the xds.b standard. That standard is specifically designed for addressing the problem of how to get a single list of documents in a landscape of federated repositories. It is commonly used, so whilst it is entirely valid to disagree with it's use, that's a bit different than declaring it won't work - lot's of places use it.

1. Performance. Any attempt to get the full list of records requires accessing every repository. Analysis shows that system performance is a clinical safety issue (that is, if it's too slow then people don't use it)

2. Dropping of information. If you have a lot of federated repositories, odds are that one or more time out, are offline, or some other gap in any given query. Again, information that could have been available but isn't returned in a query is a problem.

3. There is no reason this impacts data quality at all. The end user (clinician or consumer) cannot actually tell whether the data is in a federated model or in a single index - the user experience is the same, other than the performance and uptime issues. So I cannot see how data quality would be different.

4. This model pushes the GP back to the centre. That is an admirable aim, but you'd have to accept that many people in Australia do not have a primary GP, and if existence of a primary GP is a pre-requisite for a solution to work, then a bunch of people will get missed. How does your preferred approach deal with this situation?

Again you are missing the point I feel. What I am suggesting is an architecture and approach that seems to work and that patients like and will sign up to voluntarily.

How it is made to work 'under the covers' is less of a concern to me and the reason we have smart technical souls to figure it out.

Not to sidetrack but this overall issue with all the pros and cons should have been discussed 3-4 years ago. The debate and discussion never happened or happened in secret.

On data quality - if the same record is used by all it is much more likely to be accurately maintained.

I am suggesting each patient has one record managed by their primary clinician and made accessible by that clinician. Duplicating systems off out there in the cloud is not a good idea to me.

On your last point I want the GP to be central as this is the best model of care we know of (US medical home etc). If people choose not to have a regular GP then it all gets much harder - and no design I know of suits that care delivery model.

My key objection is that the idea of creating a duplicate Government run data-base which replicates some of the information held in operational provider data-bases and systems and offering patients control of the distribution of the information subset is essentially silly and ill-conceived, and that there is no evidence it will save lives or make a difference.

When there are working models elsewhere why are we inventing our own unproven approach (without even doing proper pilots) and just not really listening to a range of well informed e-Health experts?

There are a lot of other reasons and my blog covers them if you browse back.